DEV Community

Sedky Abou-Shamalah
Sedky Abou-Shamalah

Posted on • Edited on

Setting up AWS Appsync for unauthenticated users

Edit:
Here's an updated version of this blog:
https://sedkodes.com/blog/aws-appsync-for-unauthenticated-users

This took me days to get the handle of, so here's to hoping I can save anybody else the trouble.

so you want to expose some of your queries (but not all!) to public users, so that users can use/interact with your app before having to sign up. Makes sense!!

Well, it's a royal PITA.

  1. Set your Appsync API to be protected by IAM
    Image description

  2. Create a Cognito identity pool, and create a role for unauthenticated users:
    Image description

  3. For the unauthenticated role, specifically assign the fields/types you want.

If you'd like to be confused by AWS' documentation of how to do this, start here, or here.

Alternatively, you can copy this template where I give access to two subscriptions only:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "appsync:GraphQL",
            "Resource": [
                "arn:aws:appsync:*:*:apis/*/types/*/fields/onCreateOrders",
                "arn:aws:appsync:*:*:apis/*/types/*/fields/onUpdateOrders"
            ]
        }
    ]
}
Enter fullscreen mode Exit fullscreen mode

Finally, in our JS code, I use the Amplify SDK, so here's how I configure that:

const config = awsRealtimeConfig: {
        aws_appsync_graphqlEndpoint: "https://<graphql-id>.appsync-api.<aws-region>.amazonaws.com/graphql",
        aws_appsync_region: "<region>",
        aws_appsync_authenticationType: 'AWS_IAM',
        Auth: {
            identityPoolId: 'us-east-2:pool-id-here',
            region: 'us-east-2',
        }
    },

Amplify.configure(config)
Enter fullscreen mode Exit fullscreen mode

Top comments (0)